Facebook and Twitter Flooded with 437,165 Financial Scams

Scams that are after credit card and financial information have doubled in the past year, new report shows. Such scams are distributed across social media websites. Despite their abundance and frequency, it appears that the number of hacker groups behind them is impressively small – only 18,175.

Researchers at ZeroFOX discovered that last year alone approximately 250,000 financial and banking scams were tricking users on social media platforms such as Facebook and Twitter. The number has doubled in 2017, meaning that a total of 437,165 hoaxes were detected.

How much money are financial scams making?

The report reveals that if every scam successfully lured one victim, this would sum up to $180,986,310 in total global losses. Even though these numbers are way smaller in reality, scammers are still making tons of money.

How much money does a financial scam cost a victim?

The analysis conducted by ZeroFOX shows that a victim is losing $414 per scam on average. As to why these scams are so successful on social media platforms – these platforms offer a vast pool of potential victims.

What techniques are being employed by scammers?

Basically, there are three main methods to attract users. The basic line of scam work here, however, is impersonating financial service institutions.

Social engineering is the number one employed method. Shortly described, social engineering is the art of molding users so that they reveal their personal and/or financial information. In this case, social media users are usually tricked in a way similar to how a watering hole attack takes place.

A watering hole attack is a security exploit that seeks to compromise a precise group of consumers by striking websites that the group is visiting regularly. The end goal may be infecting the targets’ computers, obtaining remote access to the networks at the victims’ place of employment, etc.

Attackers use FinServ [financial services] hashtags & follower monitoring, the process of engaging with the follower’s of an organization’s brand account, to segment and deliver convincing advertisements to sympathetic user audiences. The most lucrative targets include FinServ customers or prospective customers, whose card-holder or other membership status, available funds, and general interest increases their probability to engage with a malicious offer or fall for a social engineering ploy.

Other method employed by fraudsters across social media is close to what spear phishing is. In this case, victims are carefully picked and fraudsters stage reconnaissance. During the process of selecting victims, users are examined carefully. This research includes going through public information, membership lists, groups, pages, liked content, time details, demographics, etc.

The next step is tricking the target into giving away financial data.

This research highlights the growing difficulty of detecting threats on social media, which is increasingly leveraged by attackers to weaken financial services integrity, data security, and bottom lines, researchers concluded.

Since many scams are actually a gateway to malware distribution, keeping the system protected is highly recommended.